Event tracing for Windows (ETW) for Common Language Runtime events must be enabled.

From Microsoft Dot Net Framework 4.0 STIG

Part of APPNET0067 .NET Event Tracing for Windows.

Associated with IA controls: DCSL-1

SV-41075r1_rule Event tracing for Windows (ETW) for Common Language Runtime events must be enabled.

Vulnerability discussion

Event tracing captures information about applications utilizing the .NET CLR and the .NET CLR itself. This includes security oriented information, such as Strong Name and Authenticode verification. Beginning with Windows Vista, ETW is enabled by default however, the .Net CLR and .Net applications can be configured to not utilize Event Tracing. If ETW event tracing is disabled, critical events that occurred within the runtime will not be captured in event logs.

Check content

Fix text

Open Windows explorer and search for all .NET config files including application config files (*.exe.config). Examine the configuration settings for . Enable ETW Tracing by setting the etwEnable flag to "true" or obtain documented IAO approvals.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer